Summary
Repository go-saas/kit-layout currently has Issues disabled, so layout audit findings are tracked here for visibility.
Findings Tracked (from workspace audit)
- Security defaults: hard-coded JWT/cookie secrets, permissive CORS, root container runtime.
- Startup resilience: multiple panic exits, tracer defer nil risk, nil deref in update/migrate paths.
- API contract: delete id validation gap, unbounded list page size, ignored update mask, swagger route not mounted.
- Deployment mismatch: EXPOSE ports differ from runtime listening ports, possible CMD/binary naming mismatch.
Suggested Direction
- Enable issues in
go-saas/kit-layout and migrate this tracking item into repo-native issues.
Summary
Repository
go-saas/kit-layoutcurrently has Issues disabled, so layout audit findings are tracked here for visibility.Findings Tracked (from workspace audit)
Suggested Direction
go-saas/kit-layoutand migrate this tracking item into repo-native issues.